Lucene search

IDEMIACVELIST:CVE-2023-33219

HistoryDec 15, 2023 - 11:31 a.m.

CVE-2023-33219 Stack Buffer Overflow when checking retrofit package

2023-12-1511:31:45

CWE-121

IDEMIA

www.cve.org

cve-2023-33219

stack buffer overflow

retrofit package

validation

remote code execution

targeted device

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

The handler of the retrofit validation command doesn’t properly check the boundaries when performing certain validation
operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the
targeted device

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SIGMA Lite & Lite +",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "4.15.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SIGMA Wide",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "4.15.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SIGMA Extreme",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "4.15.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MorphoWave Compact/XP",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "2.12.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VisionPass",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "2.12.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MorphoWave SP",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "1.2.7",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

Related for CVELIST:CVE-2023-33219